EFF announces they put their (our?) WiFi router under fire at DEFCON 22 and asks you (us?) for help hardening it by showing how you can break it:
As part of our Open Wireless Movement, we set out to create router software that would make it easier for people to safely and smartly share part of their wireless network. Protecting hosts, so their security is not compromised because they offer open networks, is one of the goals of the router software we released. However, as research published by Independent Security Evaluators (ISE) and others has shown, almost every popular home router has serious security flaws.
With this in mind, we're teaming up with ISE to host "SOHOpelessly Broken," a router hacking contest this year at DEF CON 22. Focusing on small office/home office (SOHO) equipment, this contest will reward the discovery of zero-day vulnerabilities in fully updated, popular off-the-shelf SOHO routers,[...]
By joining, you'll also have a chance to hack away at our Open Wireless Router. It's looking more and more like our project will be the first home router and firmware that we know of to undergo regular, public, third-party security assessments.
(Score: 4, Informative) by c0lo on Friday August 01 2014, @01:50PM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by janrinok on Friday August 01 2014, @01:55PM
Thank you - I've updated TFA.
(Score: 1, Informative) by Anonymous Coward on Friday August 01 2014, @03:09PM
Thank you for this.
but still I have to ask the question why the radio-antenna combo thingy needs to be on the same physical device as the part that connects to the internet (adsl-modem cable-modem)?
Is this maybe because we are used to the speakers being in the same oldskool ghetto-blaster box as the tuner?
in some houses the "internet connection" comes in the basement. this is hardly a good location to put a wifi antenna?
also the "dumber" the device the less RAM/ROM it has, so also less space to fit in some extra(bad)code?
example of a "good" AP (personal opinion). less then 1 Watt draw, goes about 50 meter. Can be fitted into a chinese wok for directional application. 4 MB RAM. weight is low enough that it can hang from own usb-cable:
TL-WR702N: http://www.tp-link.com/en/products/details/?model=TL-WR702N [tp-link.com]
(Score: 1) by karmawhore on Friday August 01 2014, @05:05PM
=kw= lurkin' to please
(Score: 3, Informative) by frojack on Friday August 01 2014, @07:05PM
I think it only makes sense from "complexity vs Joe Sixpack" point of view. Not wanting to burden customers with two or possibly three devices, the ISPs bundle it all in one device. I'm not even sure it makes sense from a cost point of view given the cheapness of today's hardware.
I've busted mine all out. I use their modem set to pass-through mode, into my Linux IpTables-based router, and use my own WIFI router strictly as a bridging AP.
I distrust their router. I distrust my AP.
Hell I even distrust my Linux DHCP server and have it rigged to send me an email for each new mac address if offers an IP to.
Can't say as I recommend this setup for Ma and Pa Polyester.
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by karmawhore on Friday August 01 2014, @07:22PM
That's actually really sensible, and I'm going to implement it as soon as I get home.
=kw= lurkin' to please
(Score: 2, Funny) by Anonymous Coward on Friday August 01 2014, @06:12PM
"weight is low enough that it can hang from own usb-cable"
Is that with or without the wok attached?
(Score: 2) by SlimmPickens on Friday August 01 2014, @09:43PM
I don't understand this. If you plug an AP into an ethernet port on your router/switch it still has direct access to the local bridge, and therefore everything on your network. Any decent router is going to let you decide exactly what is attached to the local bridge (even if it is in the same box) and where it fits into the forwarding chains. Little pissy routers won't let you do that with either way. What has putting it in a different box achieved?
Am I not understanding something?
(Score: 0) by Anonymous Coward on Saturday August 02 2014, @01:39PM
the wifi AP was recommended to just be a tiny spec of electronic dust at the tip-end of a 50 meter long lan-ethernet cable.
visual: imagine just holding up a ethernet cable with jack into the air. that's your wifi AP.
(Score: 0) by Anonymous Coward on Saturday August 02 2014, @01:45PM
maybe it was not clear:
there are probably two schools of thought:
1) one monster AP with a 8 dpi omni that blast (sry) thru the whole house/apparment. no need to fuss with ethernet cables. imagine one light-blub for the whole house :)
2) small AP hanging of the tip of ethernet cables with small(ish) output with lil coverage area (and own channel?). needs ethernet-fussy-"backbone". imagine a small bed-side lamp.
(Score: 3, Informative) by TheLink on Friday August 01 2014, @04:56PM
This is actually more from a provider's perspective. There are many who would want to provide wifi that's easy to connect (no need for usernames, passwords etc) to but don't want users to be able to eavesdrop on each other. Providers could still force users to log on via captive portals if they want, but that's another story.
(Score: 3, Interesting) by frojack on Friday August 01 2014, @06:53PM
Oh hell yes, just ask Comcast/Xfinity who have seen fit to foist an open wifi channel on their customer base with the straight faced assertion that it it totally separate from the customer's side.
Instead of the EFF trying to break their own router they should subscribe to Xfinity and offer reward for breaking from the public side into the customer side.
No, you are mistaken. I've always had this sig.
(Score: 2) by Immerman on Friday August 01 2014, @07:45PM
Perhaps I misread, but isn't their basic assertion that NONE of the currently deployed routers are up to the task? In which case what's the point of challenging people to provide more evidence of their lack of suitability? It might be a tittilating PR move, but do you really believe Comcast, etc would stop pushing customers into conformance with their new business plan just because a few geeks have accumulated yet more evidence that their assurances of security are false?
On the other hand a challenge to break into an open source router designed specifically to actually be secure offers you the opportunity to uncover and repair those flaws so that, eventually, we can hope for a router that could actually be trusted to do the job.
(Score: 3, Insightful) by frojack on Friday August 01 2014, @08:21PM
Yes, I do believe that as soon as someone breaks Comcast's Vlan based separation scheme and uses it to steal private data or credit cards, the whole plan comes crashing down with every State's Attorney going after them with knives. Google did less, and is still paying for it.
No, you are mistaken. I've always had this sig.
(Score: 1, Informative) by Anonymous Coward on Friday August 01 2014, @08:36PM
> Perhaps I misread, but isn't their basic assertion that NONE of the currently deployed routers
> are up to the task? In which case what's the point of challenging people to provide more
> evidence of their lack of suitability?
There are two tasks:
(1) General soho operation
(2) Openwireless functionality
This is about improving #1 by exposing holes that will be reported to the vendors for patching.
They recognize that not everyone can run their own custom router software since it only works on one, end-of-lifed model anyway.
(Score: 1, Insightful) by Anonymous Coward on Friday August 01 2014, @07:13PM
> is there a standard for secure "open" wifi yet?
Yes, it is called EAP-UNAUTH-TLS. [wikipedia.org]
Here is a little bit of discussion on the openwireless mailing list [openwireless.org] as to how it came into being.
(Score: 0) by Anonymous Coward on Saturday August 02 2014, @05:52PM
(Score: 4, Funny) by GlennC on Friday August 01 2014, @06:56PM
Are they going to drop it off, or should I go visit them?
Do they want to keep the case, or should I just bring a hammer and chisel?
Happy Friday! :)
Sorry folks...the world is bigger and more varied than you want it to be. Deal with it.